| |
| |
|
Security Information |
|
|
|
Phishing, Fraudulent, and Malicious Websites
Whether we like it or not, we are all living in the Information Age. We have nothing left but adapt to rapidly developing information technology, no matter who we are and what we do for living. The Internet, in particular, means for us boundless opportunities in life and business - but also lots of dangers unheard of just a decade ago. We should be aware of these dangers if we want to use the huge potential of the Internet and to avoid the hazards it brings us. Warning: There are Websites You'd Better Not Visit Phishing websites Thanks to authors of numerous articles on this topic, "classic" phishing technique is relatively well known. This scam involves setting bogus websites and luring people to visit them, as a rule, by links in emails. Phishing website is disguised to look like a legitimate one -- of a bank or a credit card company, and users are invited to provide their identifying information. Sites of this kind are used solely to steal users' passwords, PIN numbers, SSNs and other confidential information. At first phishing consisted only of a social engineering scam in which phishers spammed consumer e-mail accounts with letters ostensibly from banks. The more people got aware of the scam, the less spelling mistakes these messages contained, and the more these fraudulent websites resembled legitimate ones. Phishers are getting smarter. They eagerly learn; there is enough money involved here to turn criminals into earnest students. Keyloggers and Trojans Since about November 2004 there has been a lot of publications of a scheme which at first was seen as a new kind of phishing. This technique includes contaminating a PC with a Trojan horse program. The problem is that this Trojan contains a keylogger which lurks at the background until the user of the infected PC visits one of the specified websites. Then the keylogger comes to life to do what it was created for -- to steal information. It seems that this technique is actually a separate scam aimed at stealing personal information and such attacks are on the rise. Security vendor Symantec warns about commercialisation of malware -- cybercriminals prefer cash to fun, so various kinds of information-stealing software are used more actively. Fraudulent websites are on the rise Websense Security Labs -- a well-known authority in information security -- noticed a dramatic rise in the number of fraudulent websites as far back as in the second half of 2004. These sites pose as ones for e-commerce; they encourage users to apply for a reward or purchase something, of course never delivering the product or paying money. The most popular areas for such fraud are online pharmacies, lottery scams, and loan / mortgage sites. Experts predict there will be more fake merchants in future and their scams will become more sophisticated. A Hybrid Scam In April Panda Software warned Internet users of a new particularly brazen scam aimed at stealing confidential information. The technique used here looks like a hybrid between phishing and a fraudulent website. Panda Software identified several websites offering cheap airline tickets which in fact weren't selling anything; the aim was to cheat users out of credit card details. This scam is very simple; the thieves simply wait until some unsuspecting user who is searching for, say, airline ticket offers, finds their site offering dirt-cheap airline tickets. Really pleased with himself and looking forward to the trip, the user fills in the form, entering his credit card number, expiry date and verification value (CVV). As soon as these details have been entered, an error page appears; it tells the user that the transaction has been unsuccessful, and offers instructions on how to pay for the ticket by postal money order. So the user may well be fooled twice. He loses his credit card details, putting them right into the hands of cyber-crooks, and then loses money, if decides to buy the ticket by money order. Of course, these sites have already been disabled, but who knows whether (or better to say when) other ones will appear again, this time offering all kinds of products. Malicious websites are especially dangerous. Cybercriminals create them exclusively to execute malicious code on the visitors' computers. Sometimes hackers infect legitimate sites with malicious code. Bad news for blog readers: blogs can be contaminated, too. Since January, Websense Security Labs has discovered hundreds of these "toxic" blogs set by hackers. When unsuspecting users visit malicious sites, various nasty applications are downloaded and executed on their computers. Unfortunately, more and more often these applications contain keyloggers--software programs for intercepting data. Keyloggers, as it is clear from the name of the program, log keystrokes --but that's not all. They capture everything the user is doing -- keystrokes, mouse clicks, files opened and closed, sites visited. A little more sophisticated programs of this kind also capture text from windows and make screenshots (record everything displayed on the screen) - so the information is captured even if the user doesn't type anything, just opens the views the file. In February and March 2005, Websense Security Labs researched and identified about 8-10 new keylogger variants and more than 100 malicious websites which are hosting these keyloggers EACH WEEK. From November of 2004 through December 2004 these figures were much smaller: 1-2 new keylogger variants and 10-15 new malicious websites per week. There is by all means a disturbing tendency--the number of brand-new keyloggers and malicious website is growing, and growing rapidly. What a user can do to avoid these sites? As for phishing, the best advice is not to click any links in any email, especially if it claims to be from a bank. Opening an attachment of a spam message can also trigger the execution of malicious program, for example a keylogger or a keylogger-containing Trojan horse. As for fraudulent websites, maybe buying goods only from trusted vendors will help -- even if it is a bit more expensive. As for malicious websites? "Malicious websites that host adult entertainment and shopping content can exploit Internet Explorer vulnerabilities to run code remotely without user interaction."(a quote from the Websense's report). What can a user do about it? Not much, but avoiding adult sites and buying only from known and trusted online stores will reduce the risk. Hackers also attract traffic to malicious websites by sending a link through spam or spim (the analog of spam for instant messaging (IM). So a good advice never follow links in spam is worth remembering once more. Alexandra Gamanenko currently works at Raytown Corporation, LLC -- an independent software developing company. The company's R&D department created an innovative technology, which disables the very processes of information capturing -- keylogging, screenshoting, etc. It makes the company's anti-keylogging software truly unique: it doesn't detect keyloggers or information-stealing Trojans one by one -- they all simply can't work. Learn more -- visit the company's website http://www.anti-keyloggers.com
MORE RESOURCES:
Security - Google News |
|
|
|
RELATED ARTICLES
Spyware Programs Are Out To Get You! The average computer is packed with hidden software that can secretly spy on online habits.The US net provider EarthLink said it uncovered an average of 28 spyware programs on each PC scanned during the first three months of the year. Blogs as Safe Haven for Cybercriminals? To blog or not to blog? Well, why not? Lots of people like either to write or to read blogs -- sometimes both. The much-quoted survey by the Pew Internet & American Life Project, says 27 percent read blogs. How to Fight Spyware If you are wondering how to fight spyware for safe web surfing, this Internet privacy article will answer some of your questions. By now you have probably heard about the dangers of spyware. Personal Firewalls - Secure Your Computer There has not been a time in the history of the personal computer that firewalls and anti-virus programs have been more necessary and in-demand. Today, personal computer security is not only threatened by viruses and worms, but also by spyware - those severely annoying programs that are illegally loaded onto your computer from the internet. Social Engineering - The Real E-Terrorism? One evening, during the graveyard shift, an AOL technical support operator took a call from a hacker. During the hour long conversation the hacker mentioned he had a car for sale. Spyware is Not Like a Nosy Neighbor Remember the television show about the nosy neighbor Mrs. Kravitz always peeking out her window or over the fence, sometimes even knocking on the door just to find out what was going on in her neighborhood? If you don't wait a month or so and the DVD or the movie will be out. Web Browsing - Collected Information You may not realize it, but as you are surfing the web all sorts of details are being left behind about your computer and where you have been. Most of this information is used harmlessly in website statistics, but it could also be used to profile you, or identify you as a vulnerable target for an exploit. How To Clean the Spies In Your Computer? Manual Spy Bot Removal > BookedSpaceBookedSpace is an Internet Explorer Browser Helper Object used to show advertising.Free PC Health Check - find bad files fast! How many corrupt and redundant files are lurking inside your PC ready to cause harmful errors? Find these harmful "time-bomb" files instantly and keep your computer ERROR FREE 24 hours a day!Variants BookedSpace/Remanent : early variant (around July 2003) with filename rem00001. Network Security 101 As more people are logging onto the Internet everyday, Network Security becomes a larger issue. In the United States, identity theft and computer fraud are among the fastest rising crimes. Dont Get Hacked - A Guide to Protecting Your Business from Thieves You've seen it in the news - 40 million credit cards exposed!With all the news about web sites being hacked and cyber thieves stealing credit card numbers and other personal data, it's no wonder that some shoppers are still hesitant to provide payment information online. You don't have to be. Computer Viruses - How to Remove a Computer Virus from Your Computer Computer viruses infect millions of computers every day. Viruses can destroy data, steal important information, and even make a computer completely unusable. Phishing - Identity Theft & Credit Card Fraud What is Phishing? Phishing is a relatively newly coined term for a kind of method for harvesting information for identity theft. Phishing is quite simply providing a person with false information or credentials to trick them in to giving you their personal information. Cyber Crooks Go Phishing "Phishing," the latest craze among online evil-doers, has nothing to do with sitting at the end of a dock on a sunny afternoon dangling a worm to entice hungry catfish.But, if you take their bait, this new breed of online con artist will hook you, reel you in, and take you for every dollar you have. Protecting Your Home Both Inside and Out If you are a parent, you have probably wondered at one time or another, what more you can do to protect your children and yourself, not only physically but emotionally, mentally, spiritually etc. Today many parents and families are discouraged. Is The Internet Over Regulated Today's Internet or World Wide Web is being over regulated.But, are you being taken for a ride, are you lead to believe that Governments World Wide are creating new legislation for your benefit or are there underlying factors that these laws are more beneficial to Governments and big business?First we had the Can-Spam and other laws passed regulating the sending of unsolicited commercial e-mail, that contains false or deceptive subject information, or that is sent from invalid e-mail addresses, but for me, my inbox still seems to always be full of junk mail. Mall Protection The Loss Prevention Manager should be receptive to the needs and objectives of upper management and work to prevent and reduce loss from crime, fire accidents etc.With the continuing threats brought to us by our AL Quaeda and Taliban enemies and the outbreak of new TV shows that reinforce the danger we all face on a daily basis, one must look within as to how we can protect ourselves from threats both real and imagined. New CipherSend Online Security Service Thwarts Email Address Theft And Soothes Password Fatigue In 1997, I decided after 15 years as a practicing CPA that it was time to put down my pencil and explore a new venture on the exciting new internet which, while perhaps not exactly in its infancy at that point, was still at least a pimply faced teenaged medium still unexplored by most accountants.I founded CPAsites. Computer Viruses, Worms, and Hoaxes In recent days, I was one of the unfortunate persons to receive the "Mydoom" worm emails. Not just one, but at least forty appeared in my popserver mailbox. Another Fine Mess! I'm in the Anti-Spyware business, and I'm doing a lot of advertising to promote my website, but here I am online and on the phone, giving my personal information to.. Is the Internet Insecure Because of You? Long gone are the days that we could feel secure and know for certain that we had privacy. With the digital age upon us we can no longer be so sure that our privacy is secure.
|
| home | site map |
| © 2006 |
